@cubist-labs/cubesigner-sdk 0.1.23

package/dist/src/util.js

@@ -0,0 +1,75 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.assertOk = exports.ErrResponse = exports.configDir = void 0;
+const path = __importStar(require("path"));
+/**
+ * Directory where CubeSigner stores config files.
+ * @return {string} Config dir
+ */
+function configDir() {
+    const configDir = process.platform === "darwin"
+        ? `${process.env.HOME}/Library/Application Support`
+        : `${process.env.HOME}/.config`;
+    return path.join(configDir, "cubesigner");
+}
+exports.configDir = configDir;
+/**
+ * Error response type, thrown on non-successful responses.
+ */
+class ErrResponse extends Error {
+    /**
+     * Constructor
+     * @param {Partial<ErrResponse>} init Initializer
+     */
+    constructor(init) {
+        super(init.message);
+        Object.assign(this, init);
+    }
+}
+exports.ErrResponse = ErrResponse;
+/**
+ * Throw if on error response. Otherwise, return the response data.
+ * @param {ResponseType} resp The response to check
+ * @param {string} description Description to include in the thrown error
+ * @return {D} The response data.
+ * @internal
+ */
+function assertOk(resp, description) {
+    if (resp.error) {
+        throw new ErrResponse({
+            description,
+            message: resp.error.message,
+            statusText: resp.response?.statusText,
+            status: resp.response?.status,
+        });
+    }
+    if (resp.data === undefined) {
+        throw new Error("Response data is undefined");
+    }
+    return resp.data;
+}
+exports.assertOk = assertOk;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy91dGlsLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMkNBQTZCO0FBRTdCOzs7R0FHRztBQUNILFNBQWdCLFNBQVM7SUFDdkIsTUFBTSxTQUFTLEdBQ2IsT0FBTyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQzNCLENBQUMsQ0FBQyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSw4QkFBOEI7UUFDbkQsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLFVBQVUsQ0FBQztJQUNwQyxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFlBQVksQ0FBQyxDQUFDO0FBQzVDLENBQUM7QUFORCw4QkFNQztBQUlEOztHQUVHO0FBQ0gsTUFBYSxXQUFZLFNBQVEsS0FBSztJQVFwQzs7O09BR0c7SUFDSCxZQUFZLElBQTBCO1FBQ3BDLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDcEIsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFDNUIsQ0FBQztDQUNGO0FBaEJELGtDQWdCQztBQUVEOzs7Ozs7R0FNRztBQUNILFNBQWdCLFFBQVEsQ0FBTyxJQUF3QixFQUFFLFdBQW9CO0lBQzNFLElBQUksSUFBSSxDQUFDLEtBQUssRUFBRTtRQUNkLE1BQU0sSUFBSSxXQUFXLENBQUM7WUFDcEIsV0FBVztZQUNYLE9BQU8sRUFBRyxJQUFJLENBQUMsS0FBYSxDQUFDLE9BQU87WUFDcEMsVUFBVSxFQUFFLElBQUksQ0FBQyxRQUFRLEVBQUUsVUFBVTtZQUNyQyxNQUFNLEVBQUUsSUFBSSxDQUFDLFFBQVEsRUFBRSxNQUFNO1NBQzlCLENBQUMsQ0FBQztLQUNKO0lBQ0QsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRTtRQUMzQixNQUFNLElBQUksS0FBSyxDQUFDLDRCQUE0QixDQUFDLENBQUM7S0FDL0M7SUFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUM7QUFDbkIsQ0FBQztBQWJELDRCQWFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgcGF0aCBmcm9tIFwicGF0aFwiO1xuXG4vKipcbiAqIERpcmVjdG9yeSB3aGVyZSBDdWJlU2lnbmVyIHN0b3JlcyBjb25maWcgZmlsZXMuXG4gKiBAcmV0dXJuIHtzdHJpbmd9IENvbmZpZyBkaXJcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNvbmZpZ0RpcigpOiBzdHJpbmcge1xuICBjb25zdCBjb25maWdEaXIgPVxuICAgIHByb2Nlc3MucGxhdGZvcm0gPT09IFwiZGFyd2luXCJcbiAgICAgID8gYCR7cHJvY2Vzcy5lbnYuSE9NRX0vTGlicmFyeS9BcHBsaWNhdGlvbiBTdXBwb3J0YFxuICAgICAgOiBgJHtwcm9jZXNzLmVudi5IT01FfS8uY29uZmlnYDtcbiAgcmV0dXJuIHBhdGguam9pbihjb25maWdEaXIsIFwiY3ViZXNpZ25lclwiKTtcbn1cblxudHlwZSBSZXNwb25zZVR5cGU8RCwgVD4gPSB7IGRhdGE/OiBEOyBlcnJvcj86IFQ7IHJlc3BvbnNlPzogUmVzcG9uc2UgfTtcblxuLyoqXG4gKiBFcnJvciByZXNwb25zZSB0eXBlLCB0aHJvd24gb24gbm9uLXN1Y2Nlc3NmdWwgcmVzcG9uc2VzLlxuICovXG5leHBvcnQgY2xhc3MgRXJyUmVzcG9uc2UgZXh0ZW5kcyBFcnJvciB7XG4gIC8qKiBEZXNjcmlwdGlvbiAqL1xuICByZWFkb25seSBkZXNjcmlwdGlvbj86IHN0cmluZztcbiAgLyoqIEhUVFAgc3RhdHVzIGNvZGUgdGV4dCAoZGVyaXZlZCBmcm9tIGB0aGlzLnN0YXR1c2ApICovXG4gIHJlYWRvbmx5IHN0YXR1c1RleHQ/OiBzdHJpbmc7XG4gIC8qKiBIVFRQIHN0YXR1cyBjb2RlICovXG4gIHJlYWRvbmx5IHN0YXR1cz86IG51bWJlcjtcblxuICAvKipcbiAgICogQ29uc3RydWN0b3JcbiAgICogQHBhcmFtIHtQYXJ0aWFsPEVyclJlc3BvbnNlPn0gaW5pdCBJbml0aWFsaXplclxuICAgKi9cbiAgY29uc3RydWN0b3IoaW5pdDogUGFydGlhbDxFcnJSZXNwb25zZT4pIHtcbiAgICBzdXBlcihpbml0Lm1lc3NhZ2UpO1xuICAgIE9iamVjdC5hc3NpZ24odGhpcywgaW5pdCk7XG4gIH1cbn1cblxuLyoqXG4gKiBUaHJvdyBpZiBvbiBlcnJvciByZXNwb25zZS4gT3RoZXJ3aXNlLCByZXR1cm4gdGhlIHJlc3BvbnNlIGRhdGEuXG4gKiBAcGFyYW0ge1Jlc3BvbnNlVHlwZX0gcmVzcCBUaGUgcmVzcG9uc2UgdG8gY2hlY2tcbiAqIEBwYXJhbSB7c3RyaW5nfSBkZXNjcmlwdGlvbiBEZXNjcmlwdGlvbiB0byBpbmNsdWRlIGluIHRoZSB0aHJvd24gZXJyb3JcbiAqIEByZXR1cm4ge0R9IFRoZSByZXNwb25zZSBkYXRhLlxuICogQGludGVybmFsXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBhc3NlcnRPazxELCBUPihyZXNwOiBSZXNwb25zZVR5cGU8RCwgVD4sIGRlc2NyaXB0aW9uPzogc3RyaW5nKTogRCB7XG4gIGlmIChyZXNwLmVycm9yKSB7XG4gICAgdGhyb3cgbmV3IEVyclJlc3BvbnNlKHtcbiAgICAgIGRlc2NyaXB0aW9uLFxuICAgICAgbWVzc2FnZTogKHJlc3AuZXJyb3IgYXMgYW55KS5tZXNzYWdlLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIEB0eXBlc2NyaXB0LWVzbGludC9uby1leHBsaWNpdC1hbnlcbiAgICAgIHN0YXR1c1RleHQ6IHJlc3AucmVzcG9uc2U/LnN0YXR1c1RleHQsXG4gICAgICBzdGF0dXM6IHJlc3AucmVzcG9uc2U/LnN0YXR1cyxcbiAgICB9KTtcbiAgfVxuICBpZiAocmVzcC5kYXRhID09PSB1bmRlZmluZWQpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoXCJSZXNwb25zZSBkYXRhIGlzIHVuZGVmaW5lZFwiKTtcbiAgfVxuICByZXR1cm4gcmVzcC5kYXRhO1xufVxuIl19

package/dist/test/sessions.d.ts

@@ -0,0 +1,35 @@
+import { EnvInterface } from "../src/env";
+/**
+ * Defaults.
+ */
+export declare class CubeSignerDefaults {
+    /** Default signer-session.json file path
+     * @return {string} Default signer-session.json file path
+     */
+    static signerSessionFile(): string;
+    /** Default management-session.json file path
+     * @return {string} Default management-session.json file path
+     */
+    static managementSessionFile(): string;
+}
+/** JSON representation of our "management session" file format */
+export interface ManagementSession {
+    email: string;
+    id_token: string;
+    access_token: string;
+    refresh_token: string;
+    expiration: string;
+    env: {
+        ["Dev-CubeSignerStack"]: EnvInterface;
+    };
+}
+/** JSON representation of our "signer session" file format */
+export interface SignerSession {
+    org_id: string;
+    role_id: string;
+    purpose: string;
+    token: string;
+    env: {
+        ["Dev-CubeSignerStack"]: EnvInterface;
+    };
+}

package/dist/test/sessions.js

@@ -0,0 +1,56 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CubeSignerDefaults = void 0;
+const path = __importStar(require("path"));
+/**
+ * Directory where CubeSigner stores config files.
+ * @return {string} Config dir
+ */
+function configDir() {
+    const configDir = process.platform === "darwin"
+        ? `${process.env.HOME}/Library/Application Support`
+        : `${process.env.HOME}/.config`;
+    return path.join(configDir, "cubesigner");
+}
+/**
+ * Defaults.
+ */
+class CubeSignerDefaults {
+    /** Default signer-session.json file path
+     * @return {string} Default signer-session.json file path
+     */
+    static signerSessionFile() {
+        return path.join(configDir(), "signer-session.json");
+    }
+    /** Default management-session.json file path
+     * @return {string} Default management-session.json file path
+     */
+    static managementSessionFile() {
+        return path.join(configDir(), "management-session.json");
+    }
+}
+exports.CubeSignerDefaults = CubeSignerDefaults;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2Vzc2lvbnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90ZXN0L3Nlc3Npb25zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMkNBQTZCO0FBRzdCOzs7R0FHRztBQUNILFNBQVMsU0FBUztJQUNoQixNQUFNLFNBQVMsR0FDYixPQUFPLENBQUMsUUFBUSxLQUFLLFFBQVE7UUFDM0IsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLDhCQUE4QjtRQUNuRCxDQUFDLENBQUMsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksVUFBVSxDQUFDO0lBQ3BDLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsWUFBWSxDQUFDLENBQUM7QUFDNUMsQ0FBQztBQUVEOztHQUVHO0FBQ0gsTUFBYSxrQkFBa0I7SUFDN0I7O09BRUc7SUFDSCxNQUFNLENBQUMsaUJBQWlCO1FBQ3RCLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsRUFBRSxxQkFBcUIsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRDs7T0FFRztJQUNILE1BQU0sQ0FBQyxxQkFBcUI7UUFDMUIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxFQUFFLHlCQUF5QixDQUFDLENBQUM7SUFDM0QsQ0FBQztDQUNGO0FBZEQsZ0RBY0MiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgKiBhcyBwYXRoIGZyb20gXCJwYXRoXCI7XG5pbXBvcnQgeyBFbnZJbnRlcmZhY2UgfSBmcm9tIFwiLi4vc3JjL2VudlwiO1xuXG4vKipcbiAqIERpcmVjdG9yeSB3aGVyZSBDdWJlU2lnbmVyIHN0b3JlcyBjb25maWcgZmlsZXMuXG4gKiBAcmV0dXJuIHtzdHJpbmd9IENvbmZpZyBkaXJcbiAqL1xuZnVuY3Rpb24gY29uZmlnRGlyKCk6IHN0cmluZyB7XG4gIGNvbnN0IGNvbmZpZ0RpciA9XG4gICAgcHJvY2Vzcy5wbGF0Zm9ybSA9PT0gXCJkYXJ3aW5cIlxuICAgICAgPyBgJHtwcm9jZXNzLmVudi5IT01FfS9MaWJyYXJ5L0FwcGxpY2F0aW9uIFN1cHBvcnRgXG4gICAgICA6IGAke3Byb2Nlc3MuZW52LkhPTUV9Ly5jb25maWdgO1xuICByZXR1cm4gcGF0aC5qb2luKGNvbmZpZ0RpciwgXCJjdWJlc2lnbmVyXCIpO1xufVxuXG4vKipcbiAqIERlZmF1bHRzLlxuICovXG5leHBvcnQgY2xhc3MgQ3ViZVNpZ25lckRlZmF1bHRzIHtcbiAgLyoqIERlZmF1bHQgc2lnbmVyLXNlc3Npb24uanNvbiBmaWxlIHBhdGhcbiAgICogQHJldHVybiB7c3RyaW5nfSBEZWZhdWx0IHNpZ25lci1zZXNzaW9uLmpzb24gZmlsZSBwYXRoXG4gICAqL1xuICBzdGF0aWMgc2lnbmVyU2Vzc2lvbkZpbGUoKTogc3RyaW5nIHtcbiAgICByZXR1cm4gcGF0aC5qb2luKGNvbmZpZ0RpcigpLCBcInNpZ25lci1zZXNzaW9uLmpzb25cIik7XG4gIH1cblxuICAvKiogRGVmYXVsdCBtYW5hZ2VtZW50LXNlc3Npb24uanNvbiBmaWxlIHBhdGhcbiAgICogQHJldHVybiB7c3RyaW5nfSBEZWZhdWx0IG1hbmFnZW1lbnQtc2Vzc2lvbi5qc29uIGZpbGUgcGF0aFxuICAgKi9cbiAgc3RhdGljIG1hbmFnZW1lbnRTZXNzaW9uRmlsZSgpOiBzdHJpbmcge1xuICAgIHJldHVybiBwYXRoLmpvaW4oY29uZmlnRGlyKCksIFwibWFuYWdlbWVudC1zZXNzaW9uLmpzb25cIik7XG4gIH1cbn1cblxuLyoqIEpTT04gcmVwcmVzZW50YXRpb24gb2Ygb3VyIFwibWFuYWdlbWVudCBzZXNzaW9uXCIgZmlsZSBmb3JtYXQgKi9cbmV4cG9ydCBpbnRlcmZhY2UgTWFuYWdlbWVudFNlc3Npb24ge1xuICBlbWFpbDogc3RyaW5nO1xuICBpZF90b2tlbjogc3RyaW5nO1xuICBhY2Nlc3NfdG9rZW46IHN0cmluZztcbiAgcmVmcmVzaF90b2tlbjogc3RyaW5nO1xuICBleHBpcmF0aW9uOiBzdHJpbmc7XG4gIGVudjoge1xuICAgIFtcIkRldi1DdWJlU2lnbmVyU3RhY2tcIl06IEVudkludGVyZmFjZTtcbiAgfTtcbn1cblxuLyoqIEpTT04gcmVwcmVzZW50YXRpb24gb2Ygb3VyIFwic2lnbmVyIHNlc3Npb25cIiBmaWxlIGZvcm1hdCAqL1xuZXhwb3J0IGludGVyZmFjZSBTaWduZXJTZXNzaW9uIHtcbiAgb3JnX2lkOiBzdHJpbmc7XG4gIHJvbGVfaWQ6IHN0cmluZztcbiAgcHVycG9zZTogc3RyaW5nO1xuICB0b2tlbjogc3RyaW5nO1xuICBlbnY6IHtcbiAgICBbXCJEZXYtQ3ViZVNpZ25lclN0YWNrXCJdOiBFbnZJbnRlcmZhY2U7XG4gIH07XG59XG4iXX0=

package/package.json

@@ -0,0 +1,61 @@
+{
+  "name": "@cubist-labs/cubesigner-sdk",
+  "author": "Cubist, Inc.",
+  "version": "0.1.23",
+  "description": "CubeSigner TypeScript SDK",
+  "homepage": "https://github.com/cubist-labs/CubeSigner-TypeScript-SDK",
+  "bugs": "https://github.com/cubist-labs/CubeSigner-TypeScript-SDK/issues",
+  "license": "MIT OR Apache-2.0",
+  "files": [
+    "tsconfig.json",
+    "src/**",
+    "dist/**",
+    "NOTICE",
+    "LICENSE-APACHE",
+    "LICENSE-MIT"
+  ],
+  "main": "dist/src/index.js",
+  "types": "dist/src/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "test": "jest --maxWorkers=1",
+    "prepack": "tsc",
+    "typedoc": "typedoc",
+    "fix": "eslint . --ext .ts --fix",
+    "lint": "eslint . --ext .ts",
+    "fmt": "prettier --write .",
+    "fmt-check": "prettier --check .",
+    "gen-schema": "npx openapi-typescript ./spec/openapi.json --output ./src/schema.ts"
+  },
+  "dependencies": {
+    "ethers": "^6.7.1",
+    "openapi-fetch": "0.6.1"
+  },
+  "devDependencies": {
+    "@types/chai": "^4.3.5",
+    "@types/jest": "^29.5.2",
+    "@types/node": "^20.3.2",
+    "@types/node-fetch": "^2.6.4",
+    "@types/tmp": "^0.2.3",
+    "@typescript-eslint/eslint-plugin": "^5.60.1",
+    "chai": "^4.3.7",
+    "eslint": "^8.43.0",
+    "eslint-config-google": "^0.14.0",
+    "eslint-config-prettier": "^8.8.0",
+    "jest": "^29.5.0",
+    "openapi-typescript": "^6.2.8",
+    "otplib": "^12.0.1",
+    "prettier": "3.0.0",
+    "tmp": "^0.2.1",
+    "ts-jest": "^29.1.0",
+    "ts-node": "^10.9.1",
+    "typedoc": "^0.24.8",
+    "typescript": "^5.1.6"
+  },
+  "optionalDependencies": {
+    "@aws-sdk/client-cognito-identity-provider": "^3.398.0"
+  },
+  "prettier": {
+    "printWidth": 100
+  }
+}

package/src/client.ts

@@ -0,0 +1,12 @@
+import createClient from "openapi-fetch";
+import { paths } from "./schema";
+
+/** Type of http client.
+ * @internal
+ * */
+export type Client = ReturnType<typeof createClient<paths>>;
+
+/** Re-export schema.
+ * @internal
+ * */
+export * from "./schema";

package/src/env.ts

@@ -0,0 +1,25 @@
+import * as prodSpec from "../spec/env/prod.json";
+import * as gammaSpec from "../spec/env/gamma.json";
+import * as betaSpec from "../spec/env/beta.json";
+
+export type Environment =
+  /** Production environment */
+  | "prod"
+  /** Gamma, staging environment */
+  | "gamma"
+  /** Beta, development environment */
+  | "beta";
+
+export interface EnvInterface {
+  ClientId: string;
+  LongLivedClientId: string;
+  Region: string;
+  UserPoolId: string;
+  SignerApiRoot: string;
+}
+
+export const envs: Record<Environment, EnvInterface> = {
+  prod: prodSpec["Dev-CubeSignerStack"],
+  gamma: gammaSpec["Dev-CubeSignerStack"],
+  beta: betaSpec["Dev-CubeSignerStack"],
+};

package/src/ethers/index.ts

@@ -0,0 +1,131 @@
+import {
+  JsonRpcApiProvider,
+  TypedDataDomain,
+  TypedDataEncoder,
+  TypedDataField,
+  ethers,
+  getBytes,
+  toBeHex,
+} from "ethers";
+import { BlobSignRequest, EvmSignRequest, SignerSession } from "../signer_session";
+import { Key } from "../key";
+
+/**
+ * A ethers.js Signer using CubeSigner
+ */
+export class Signer extends ethers.AbstractSigner {
+  /** The address of the account */
+  readonly #address: string;
+
+  /** The key to use for signing */
+  #key?: Key;
+
+  /** The underlying session */
+  readonly #signerSession: SignerSession;
+
+  /** Create new Signer instance
+   * @param {string} address The address of the account to use.
+   * @param {SignerSession} signerSession The underlying Signer session.
+   * @param {null | ethers.Provider} provider The optional provider instance to use.
+   */
+  constructor(address: string, signerSession: SignerSession, provider?: null | ethers.Provider) {
+    super(provider);
+    this.#address = address;
+    this.#signerSession = signerSession;
+  }
+
+  /** Resolves to the signer address. */
+  async getAddress(): Promise<string> {
+    return this.#address;
+  }
+
+  /**
+   *  Returns the signer connected to %%provider%%.
+   *  @param {null | ethers.Provider} provider The optional provider instance to use.
+   *  @return {Signer} The signer connected to signer.
+   */
+  connect(provider: null | ethers.Provider): Signer {
+    return new Signer(this.#address, this.#signerSession, provider);
+  }
+
+  /**
+   * Signs a transaction. This populates the transaction type to `0x02` (EIP-1559) unless set.
+   * @param {ethers.TransactionRequest} tx The transaction to sign.
+   * @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
+   */
+  async signTransaction(tx: ethers.TransactionRequest): Promise<string> {
+    // get the chain id from the network or tx
+    let chainId = tx.chainId;
+    if (chainId === undefined) {
+      const network = await this.provider?.getNetwork();
+      chainId = network?.chainId?.toString() ?? "1";
+    }
+
+    // Convert the transaction into a JSON-RPC transaction
+    const rpcTx =
+      this.provider instanceof JsonRpcApiProvider
+        ? this.provider.getRpcTransaction(tx)
+        : // We can just call the getRpcTransaction with a
+          // null receiver since it doesn't actually use it
+          // (and really should be declared static).
+          JsonRpcApiProvider.prototype.getRpcTransaction.call(null, tx);
+    rpcTx.type = toBeHex(tx.type ?? 0x02, 1); // we expect 0x0[0-2]
+
+    const req = <EvmSignRequest>{
+      chain_id: Number(chainId),
+      tx: rpcTx,
+    };
+    const sig = await this.#signerSession.signEvm(this.#address, req);
+    return sig.data().rlp_signed_tx;
+  }
+
+  /** Signs arbitrary messages. This uses ethers.js's [hashMessage](https://docs.ethers.org/v6/api/hashing/#hashMessage)
+   * to compute the EIP-191 digest and signs this digest using {@link Key#signBlob}.
+   * The key (for this session) must have the `"AllowRawBlobSigning"` policy attached.
+   * @param {string | Uint8Array} message The message to sign.
+   * @return {Promise<string>} The signature.
+   */
+  async signMessage(message: string | Uint8Array): Promise<string> {
+    const digest = ethers.hashMessage(message);
+    return this.signBlob(digest);
+  }
+
+  /** Signs EIP-712 typed data. This uses ethers.js's
+   * [TypedDataEncoder.hash](https://docs.ethers.org/v6/api/hashing/#TypedDataEncoder_hash)
+   * to compute the EIP-712 digest and signs this digest using {@link Key#signBlob}.
+   * The key (for this session) must have the `"AllowRawBlobSigning"` policy attached.
+   * @param {TypedDataDomain} domain The domain of the typed data.
+   * @param {Record<string, Array<TypedDataField>>} types The types of the typed data.
+   * @param {Record<string, any>} value The value of the typed data.
+   * @return {Promise<string>} The signature.
+   */
+  async signTypedData(
+    domain: TypedDataDomain,
+    types: Record<string, Array<TypedDataField>>,
+    value: Record<string, any>, // eslint-disable-line @typescript-eslint/no-explicit-any
+  ): Promise<string> {
+    const digest = TypedDataEncoder.hash(domain, types, value);
+    return this.signBlob(digest);
+  }
+
+  /** Sign arbitrary digest. This uses {@link Key#signBlob}.
+   * @param {string} digest The digest to sign.
+   * @return {Promise<string>} The signature.
+   */
+  private async signBlob(digest: string): Promise<string> {
+    const blobReq = <BlobSignRequest>{
+      message_base64: Buffer.from(getBytes(digest)).toString("base64"),
+    };
+    // Get the key corresponding to this address
+    if (this.#key === undefined) {
+      const key = (await this.#signerSession.keys()).find((k) => k.materialId === this.#address);
+      if (key === undefined) {
+        throw new Error(`Cannot access key '${this.#address}'`);
+      }
+      this.#key = key;
+    }
+    // sign
+    const result = await this.#signerSession.signBlob(this.#key, blobReq);
+    return result.data().signature;
+  }
+}

package/src/index.ts

@@ -0,0 +1,220 @@
+import { envs, EnvInterface } from "./env";
+import { components, Client } from "./client";
+import { Org } from "./org";
+import { JsonFileSessionStorage, MemorySessionStorage } from "./session/session_storage";
+import { SignerSessionStorage } from "./session/signer_session_manager";
+import { SignerSession } from "./signer_session";
+import {
+  ManagementSessionManager,
+  ManagementSessionStorage,
+} from "./session/management_session_manager";
+import { OidcSessionManager, OidcSessionStorage } from "./session/oidc_session_manager";
+import { assertOk, configDir } from "./util";
+import * as path from "path";
+
+/** CubeSigner constructor options */
+export interface CubeSignerOptions {
+  /** The environment to use */
+  env?: EnvInterface;
+  /** The management authorization token */
+  sessionMgr?: ManagementSessionManager | OidcSessionManager;
+}
+
+export type UserInfo = components["schemas"]["UserInfo"];
+export type TotpInfo = components["responses"]["TotpInfo"]["content"]["application/json"];
+export type ConfiguredMfa = components["schemas"]["ConfiguredMfa"];
+
+/** CubeSigner client */
+export class CubeSigner {
+  readonly #env: EnvInterface;
+  readonly sessionMgr?: ManagementSessionManager | OidcSessionManager;
+
+  /** @return {EnvInterface} The CubeSigner environment of this client */
+  get env(): EnvInterface {
+    return this.#env;
+  }
+
+  /**
+   * Loads an existing management session and creates a CubeSigner instance.
+   * @param {ManagementSessionStorage} storage Optional session storage to load
+   * the session from. If not specified, the management session from the config
+   * directory will be loaded.
+   * @return {Promise<CubeSigner>} New CubeSigner instance
+   */
+  static async loadManagementSession(storage?: ManagementSessionStorage): Promise<CubeSigner> {
+    const defaultFilePath = path.join(configDir(), "management-session.json");
+    const sessionMgr = await ManagementSessionManager.loadFromStorage(
+      storage ?? new JsonFileSessionStorage(defaultFilePath),
+    );
+    return new CubeSigner(<CubeSignerOptions>{
+      sessionMgr,
+    });
+  }
+
+  /**
+   * Loads a signer session from a session storage (e.g., session file).
+   * @param {SignerSessionStorage} storage Optional session storage to load
+   * the session from. If not specified, the signer session from the config
+   * directory will be loaded.
+   * @return {Promise<SignerSession>} New signer session
+   */
+  static async loadSignerSession(storage?: SignerSessionStorage): Promise<SignerSession> {
+    const defaultFilePath = path.join(configDir(), "signer-session.json");
+    const sss = storage ?? new JsonFileSessionStorage(defaultFilePath);
+    const env = (await sss.retrieve()).env["Dev-CubeSignerStack"];
+    return await SignerSession.loadSignerSession(new CubeSigner({ env }), sss);
+  }
+
+  /**
+   * Loads a signer session from OIDC storage
+   * @param {OidcSessionStorage} storage The storage to load from
+   * @return {Promise<SignerSession>} New signer session
+   */
+  static async loadOidcSession(storage: OidcSessionStorage): Promise<SignerSession> {
+    const env = (await storage.retrieve()).env;
+    return await SignerSession.loadOidcSession(new CubeSigner({ env }), storage);
+  }
+
+  /**
+   * Create a new CubeSigner instance.
+   * @param {CubeSignerOptions} options The options for the CubeSigner instance.
+   */
+  constructor(options: CubeSignerOptions) {
+    let env = options.env;
+    if (options.sessionMgr) {
+      this.sessionMgr = options.sessionMgr;
+      env = env ?? this.sessionMgr.env;
+    }
+    this.#env = env ?? envs["gamma"];
+  }
+
+  /**
+   * Authenticate an OIDC user and create a new OIDC session manager for them.
+   * @param {string} oidcToken The OIDC token
+   * @param {string} orgId The id of the organization that the user is in
+   * @param {List<string>} scopes The scopes of the resulting session
+   * @param {OidcSessionStorage} storage The signer session storage
+   * @return {Promise<OidcSessionManager>} The OIDC session manager
+   */
+  async createOidcManager(
+    oidcToken: string,
+    orgId: string,
+    scopes: Array<string>,
+    storage?: OidcSessionStorage,
+  ): Promise<OidcSessionManager> {
+    return await OidcSessionManager.create(
+      this.env,
+      storage || new MemorySessionStorage(),
+      oidcToken,
+      orgId,
+      scopes,
+    );
+  }
+
+  /**
+   * Authenticate an OIDC user and create a new session for them.
+   * @param {string} oidcToken The OIDC token
+   * @param {string} orgId The id of the organization that the user is in
+   * @param {List<string>} scopes The scopes of the resulting session
+   * @param {OidcSessionStorage} storage The signer session storage
+   * @return {Promise<SignerSession>} The signer session
+   */
+  async createOidcSession(
+    oidcToken: string,
+    orgId: string,
+    scopes: Array<string>,
+    storage?: OidcSessionStorage,
+  ): Promise<SignerSession> {
+    const mgr = await this.createOidcManager(oidcToken, orgId, scopes, storage);
+    return await CubeSigner.loadOidcSession(mgr.storage);
+  }
+
+  /** Retrieves information about the current user. */
+  async aboutMe(): Promise<UserInfo> {
+    const resp = await (
+      await this.management()
+    ).get("/v0/about_me", {
+      parseAs: "json",
+    });
+    const data = assertOk(resp);
+    return data;
+  }
+
+  /**
+   * Creates and sets a new TOTP configuration for the logged-in user,
+   * overriding the existing one (if any).
+   */
+  async resetTotp(): Promise<TotpInfo> {
+    const resp = await (
+      await this.management()
+    ).patch("/v0/totp", {
+      parseAs: "json",
+    });
+    return assertOk(resp);
+  }
+
+  /**
+   * Verifies a given TOTP code against the current user's TOTP configuration.
+   * Throws an error if the verification fails.
+   * @param {string} code Current TOTP code
+   */
+  async verifyTotp(code: string) {
+    const resp = await (
+      await this.management()
+    ).get("/v0/totp/verify/{code}", {
+      params: { path: { code } },
+      parseAs: "json",
+    });
+    assertOk(resp);
+  }
+
+  /** Retrieves information about an organization.
+   * @param {string} orgId The ID or name of the organization.
+   * @return {Org} The organization.
+   * */
+  async getOrg(orgId: string): Promise<Org> {
+    const resp = await (
+      await this.management()
+    ).get("/v0/org/{org_id}", {
+      params: { path: { org_id: orgId } },
+      parseAs: "json",
+    });
+
+    const data = assertOk(resp);
+    return new Org(this, data);
+  }
+
+  /** Get the management client.
+   * @return {Client} The client.
+   * @internal
+   * */
+  async management(): Promise<Client> {
+    if (!this.sessionMgr) {
+      throw new Error("No management session loaded");
+    }
+    return await this.sessionMgr.client();
+  }
+}
+
+/** Organizations */
+export * from "./org";
+/** Keys */
+export * from "./key";
+/** Roles */
+export * from "./role";
+/** Env */
+export * from "./env";
+/** Sessions */
+export * from "./signer_session";
+/** Session storage */
+export * from "./session/session_storage";
+/** Session manager */
+export * from "./session/session_manager";
+/** Management session manager */
+export * from "./session/management_session_manager";
+/** OIDC session manager */
+export * from "./session/oidc_session_manager";
+/** Signer session manager */
+export * from "./session/signer_session_manager";
+/** Export ethers.js Signer */
+export * as ethers from "./ethers";